Two-time finalist for Gerald Loeb Award - this year for Forbes magazine work and in 2010 for online commentary and blogging. I am a C.P.A. and freelance journalist with credits in the Financial Times, Boston Review, American Banker, Columbia Journalism Review, Accountancy Age, Accountancy Magazine, Forbes, and others. I also blog at my own site, re: The Auditors, a specialized news site about the business of the Big 4 audit firms. I have been quoted in the New York Times, Wall Street Journal, Chicago Tribune, Crain's Chicago Business, Chicago Magazine, Chicago Sun-Times, Financial Times, Reuters, Forbes, Harvard Business Review, BusinessWeek, American Lawyer, California Lawyer, American Banker, Columbia Journalism Review, The Times of London, The Guardian, the Financial Chronicle (India) and others. To reach me email fmckenna2010@gmail.com.

8/07/2012 @ 4:05PM44,733 views

Deloitte and Standard Chartered Bank: In Service To Profit Above All

Yesterday’s threat by the New York State Department of Financial Services to strip Standard Chartered PLC of its license to do business in the state for its alleged illegal dealings with Iranian banks is not the first time the U.K. bank has tangled with U.S. regulators.

Back in October 2004, New York State and the Federal Reserve Bank of New York issued an enforcement order to Standard Chartered Bank requiring it to “adopt sound” Bank Secrecy Act/Anti-Money Laundering practices with respect to foreign bank correspondent accounts. That order also required the bank to hire an independent consultant who would report periodically on the bank’s progress to the regulators and conduct a retrospective transaction review, or “look back” review, covering the period July 2002 through October 2004.

Deloitte was chosen as the “independent” consultant. But it didn’t take very long for Deloitte to become more than just an “independent” consultant hired to help it fix its BSA/AML issues.

According to the results of a New York DFS investigation published yesterday, before long Deloitte had morphed from “independent” consultant, in service to the regulators, to “service provider”. As a “service provider” Deloitte apparently aided and abetted the bank’s continued illegal activities by sharing confidential information about other clients’ similar illegal activities and “watering down” reports to the regulators.

There’s big temptation for Deloitte or any of the Big Four audit firms who get the growing number of plum “governance, risk and compliance” roles as supposedly “independent” consultants to the banks. There are so many consent decrees and settlement subjects looking for help to reassure regulators they are on the straight and narrow now, it’s inevitable that the auditors would look at the banks and see dollar signs from future work rather than scofflaws who need to be scrutinized.

Being adversarial is not profitable.

Based on the Standard Chartered Bank experience, it’s clear to me that a Big Four firm that wants to grow its consulting business is sorely tempted to “work with” a client it wants to do business with in the future, as a consultant or even as a future auditor.

That’s what I warned about when Deloitte was awarded the “independent” consultant role at JP Morgan Chase, performing the “look back” review required by the OCC/Fed consent decrees signed with a dozen banks in April of 2011 as a result of foreclosure abuses. Deloitte has an even bigger incentive to cheat and look out for JPM Chase and itself on that engagement, rather than borrowers who were cheated by the bank. Most of the foreclosures Deloitte is “independently” reviewing are based on mortgages acquired by JPM from Bear Stearns and Washington Mutual, two of Deloitte’s audit clients before those institutions failed and were taken over by JPM.

When Deloitte finds a problem with mortgages and foreclosures by Bear Stearns and Washington Mutual at JPM, the firm is highlighting controls and fraud it missed while auditor of those firms. And it’s costing lucrative consulting client JPM more money in payouts to borrowers.

Fat chance…

According to the New York DFS, in August and September 2005, Deloitte “unlawfully gave [Standard Chartered Bank] confidential historical transaction review reports that it had prepared for two other major foreign banking clients that were under investigation for OFAC violations and money laundering activities.”

Now that SCB knew what the regulators were looking for, executives asked Deloitte to delete any references to the types of payments that could ultimately reveal their illegal activities from its draft “independent” report. A Deloitte partner, the Global Leader of Deloitte’s Anti-Money Laundering/Trade Sanctions practice reported to have been lawyer Michael Zeldin, admitted in an email obtained by the regulators that he had agreed to the bank’s request because “this is too much and too politically sensitive for both Standard Chartered Bank and Deloitte. That is why I drafted the watered-down version.”

Deloitte has not yet confirmed or denied the identity of the partner named in the report.

Deloitte’s Financial Advisory Services consultants are also acting as an “independent “ consultant in another BSA/AML case. The firm has been running the meter as a “look back” reviewer of transactions at HSBC after that bank was cited for multiple anti-money laundering failures. Reuters reported last month that HSBC managers were more concerned with clearing out paperwork as fast as possible than in investigating transactions linked to illegal activities. HSBC is now hiring PwC to supplement the work that needs to be done after coming under additional fire for lack of progress in addressing problems from a Congressional investigation.

Deloitte is a major contractor for the US government. Its federal services arm was bolstered considerably by the 2009 acquisition of BearingPoint’s federal services practice when that firm – a spinoff from KPMG in 1999, went bankrupt. But as the only Big Four firm to not sell its consulting arm after the passage of Sarbanes-Oxley and the introduction of new scope of services restrictions to support more auditor independence, Deloitte is the biggest and strongest of all the firms in technology and systems implementation, in particular. So, it would not surprise me at all to find that Deloitte helped the bank with the challenges described in the DFS document that I’ve highlighted in bold:

SCB instead conspired with Iranian Clients to transmit misinformation to the New York branch by removing and otherwise misrepresenting wire transfer data that could identify Iranian parties. For example, regarding necessary wire transfer documentation, SCB instructed CBI/Markazi to “send in their MT202’s18 with a [SCB London‟s business identifier code] as this is what we required them to do in the initial set up of the account. Therefore, the payments going to NY do not appear to NY to have come from an Iranian Bank.” (emphasis added).

SCB also accomplished this subterfuge by: (a) inserting special characters (such as “.”) in electronic message fields used to identify transacting parties; (b) inserting phrases such as “NO NAME GIVEN” or “NOT STATED” in lieu of requested information that would identify Iranian Clients; and (c) employing a system known as SCB‟s “repair procedure,” whereby SCB overseas employees screened payment messages – before they were communicated to its New York branch – in order to ascertain if any messages contained information that identified Iranian Clients.

SCB understood that simply omitting Iranian Client information on SWIFT MT 202 payment messages going to New York was insufficient because the electronic payment system would automatically fill in blank data fields, identifying the Iranian Client. Consequently, in order to disguise the transactions effectively and thereby avoid regulatory scrutiny, SCB made false and misleading entries in SWIFT “field 52,” a data field that would identify the Iranian party…

Senior SCB management memorialized many of these procedures in formal operating manuals. One such manual entitled, “Quality Operating Procedure Iranian Bank Processing,” directed SCB London employees to “repair payment[s] by making appropriate changes” to transacting party codes. It provided step-by-step wire stripping instructions for any payment messages containing information that would identify Iranian Clients. An example directive read: “[e]nsure that if the field 52 of the payment is blank or displayes [sic] any SWIFT code that it is overtyped at the repair stage to a „.‟ This will change the outgoing field 52 on the MT103 to a field 52D of „.‟ Or, in the case of a „normal‟ MT202 instruction change the field 52 on the outgoing MT202 to [SCB‟s New York branch] to a „.‟ (Note: if this is not done then the Iranian Bank SWIFT code may appear – depending on routing – on the payment message being sent to [the New York branch]).”

An instruction on that manual’s cover stressed that “this procedure is a mandatory requirement” and that “[a]mendment is not permitted without prior approval of the Head of Cash Management Services UK Quality System.” SCB‟s chief lawyer in charge of Legal & Compliance for its Wholesale Bank division commented to other senior legal and compliance staff that the document, “read in isolation, is clearly . . . designed to hide, deliberately, the Iranian connection of payments.”

These masking procedures evolved to meet SCB‟s growing volume demands. When SCB anticipated that its business with Iranian Clients would grow too large for SCB employees to “repair” manually the instructions for New York bound wire transfers, SCB automated the process by building an electronic repair system with “specific repair queues,” for each Iranian Client.

Deloitte is also the auditor for the Federal Reserve Bank, which is kind of ironic since it was supposedly preparing reports on behalf of one client, Standard Chartered Bank, to lie to another client, the Fed.

Deloitte is under fire in several other places including overseas. The Public Company Accounting Oversight Board, which regulates US audit firms, disclosed private portions of a Deloitte inspection report for 2007 that highlighted poor quality and administrative controls. The disclosure came after several years of legal wrangling by the firm, appeals to the SEC and stonewalling on even acknowledging the issues.

In 2011 Deloitte was criticized for failing to report possible fraud at Kabul Bank in Afghanistan. They lost the contract to provide technical assistance to its central bank.

Deloitte’s Chinese member firm has resigned or been dismissed as the auditor by seven US-listed Chinese companies as a result of suspected fraud. Deloitte is a defendant in lawsuits for several and also subject to an administrative order from the SEC to turn over workpapers from some of the audits. So far it has refused based on a desire to respect Chinese state secrecy laws.

Post Your Comment

Post Your Reply

Forbes writers have the ability to call out member comments they find particularly interesting. Called-out comments are highlighted across the Forbes network. You'll be notified if your comment is called out.

Comments

How long do we continue to allow common criminals to perpertrate fraud after fraud, discuss it between themselves, be told by lawyers it’s dicey at best and blatantly illegal at worst and do nothing. What kind of jackasses support such behavior. I would have been in jail years ago had I tried such schemes, but these guys expect to pay a fine or a settlement that represents but a small portion of their ill-gotten gains. We need jail terms and personal fines with effective action against the banks. Can’t figure out how to break them up? Hit one with a fine so large they have to start shedding parts to survive and watch the unbreakable financial behemoth start to come apart.

Not surprised at all. Deloitte’s Financial Advisory Group (“FAS”) is run using bullying tactics driven by the lead partners in that group, and especially the Northeast Region, who often push people to do the wrong thing in the name of compliance and regulation.

FAS brings in about 4 percent of the revenue at Deloitte, but based on many of the findings in the PCAOB report, I suspect that an overwhelming share of the problems are related to this group of specialists and its conflict of interest with Deloitte’s auditors.

Unfortunately, the FAS leadership often uses heavy-handed tactics to bully its employees into compromising their values and doing the wrong thing. Deloitte’s Office of General Consul is also conflicted as this group attempts to do damage control against any potential whistle blower.

While I understand that Deloitte is not the only firm that has groups run in this way; I am surprised that they are able to keep working in this way, and will continue to be able to sell themselves as independent consultants in the name of compliance, especially given the same criticism engagement after engagement.